OpenBSD execve /bin/sh shellcode - 23 bytes.
8f00e44c4a45338b557e7499f30b7b8bda9809aa9a64fff1af2fdfa4189b5661Cfingerd prior to v1.4.2 remote root exploit - Takes advantage of the syslog format string bug. Tested on Debian 2.1 and 2.2.
70f413a4d20fd258ec79ede4b34842fe8435ef1209fb32fae0d717b0718d3107Ronin.c is a FreeBSD-4.2 remote root exploit. Requires user access and a writable home directory without chroot.
d2e33c037790692c389b96a7601e8f1408b6545023a8abce9baf0cbcdda89c20IPtrap listens to several TCP ports to simulate fake services (X11, Netbios, DNS, etc) . When a remote client connects to one of these ports, his IP address gets immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
741b2174f1d45b58f7cca7e4db1350122e6d08c2efe2f6c730443a283ac7d7faPrelude is a Network Intrusion Detection system which captures packets and performs data analysis and reporting. Important and current features of Prelude include an IP defragmentation stack and detection plugins with persistent state.
6feda35afe8a18ce578080c77f7a2f91d4a84d46bdb43ac7788feb8c64552cbaJail is a chrooted environment using bash. its main use is to put it as shell for any user you want to be chrooted. Their primary goals is to be simple, clean, and highly portable.
938b8986029b7595504857489b600ded2f0f24a824a7891db64affb1107f7e3bMIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
d32c240679204649fcf05a4aa3a006414e98f8ffd021ddc409cdea6c2656a0d6The G6 FTP server v2.00 freezes if told to create a directory "COM1", "COM2", "COM3" or "COM4".
716e570229564b04ebe6d9eb93f65830929d5d4b253495f360aab2e142e6e52fWolf Attacks 1.8 - Includes over 70 dos attacks in one ksh script.
04665bc8164acc5c3e762db3daa590cdad05e739caae693c77b65b6f611a018eStealth HTTP Security Scanner 1.0 build 22 - Checks for 2883 http vulnerabilities. Run on Win32 and Linux under Wine. Free.
82260d87a282b393b077b7cde1303822ee9957ae526e01c78056016d7240e7e5CERT Advisory CA-2001-10 - Buffer Overflow Vulnerability in Microsoft IIS 5.0. A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine.
f215451f6d6376e8b5ed3f0beb0666e204a7f74278f6a383259175da5237fb79Red Hat Security Advisory RHSA-2001:058-04 - Updated mount packages fixing a potential security problem are available. If any swap files were created during installation of Red Hat Linux 7.1 (they were created during updates if the user requested it), they were world-readable, meaning every user could read data in the swap file(s), possibly including passwords. The affected swap files are called /mountpoint/SWAP and /mountpoint/SWAP-(numeral). The new mount command enforces sane permissions on swap space.
124b8b8ddbcaa829ee3032564a659dd5977018fbbda66ea69f56615192c30a6cPort Scan Attack Detector (psad) is a perl program that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) which are easily leveraged against a machine via nmap.
62226780f8631029198e451e6a4531a59fa349cf2cbc6aeb0dada91d144be116LSM (Loadable Security Module) is a simple but effective intrusion prevention loadable kernel module. Currently it protects extended file attributes on ext2 from being modified by the super user and the module from being removed and other modules from being loaded. This basic protection also prevents access to raw devices, so debugfs can not be used on a disk partition nor can a change to the boot process occur. Loading this module prevents lilo configuration.
1de7821846c64cd5d4168a036843a4cea66368f91eaf9ef6b0e7ee18e1f4daf0IPtrap listens to several TCP ports to simulate fake services (X11, Netbios, DNS, etc) . When a remote client connects to one of these ports, his IP address gets immediately firewalled and an alert is logged. It runs with iptables and ipchains, but any external script can also be launched. IPv6 is supported.
70f37c5a7ca4018a0086bef3aec281a74a711d1ee06b470652095d11310979d2Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
e53c93c7698f2df8bd31c289b00bcdaf6bb7b30e422ddb8b921488ad923178a2Eeye Security Advisory - Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access). Affects Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1. The vulnerability arises when a buffer of aprox. 420 bytes is sent within the HTTP Host: header for a .printer ISAPI request. Successful attacks are not logged in the IIS access logs.
823ece01e6bb14f8b3fbea2b4d268322ebb462e32c5dedd81802824820639ecfWindows 2000 / IIS 5.0 sp0 + sp1 remote exploit. Overflows the Host: header of the isapi .printer extension. The included shellcode creates a file in the root drive of c:\ which contains instructions on how to patch your vulnerable server. Compiles on Windows, linux, and *bsd.
9fff87f325e3b0b2e95b688b5c791f29e66f7277f9fd816703595f63a89b9eebISS X-Force is aware of a vulnerability that can be used to attack Microsoft Internet Information Server (IIS). This vulnerability may allow an attacker to compromise a host running a vulnerable version of IIS. The compromise may lead to Web page defacement and theft of sensitive or confidential information. In addition, this vulnerability can be used in conjunction with other exploits to further compromise affected systems.
775b962801b88729d6a6728a04293da2e67437ad128f3b5ef34731e52f9cb69eFreeBSD Security Advisory FreeBSD-SA-01:39.tcp-isn - FreeBSD systems prior to 4.3-RELEASE contain vulnerabilities in the TCP ISN's. Protocols which authenticate solely based on IP address are vulnerable to blind spoofing attacks.
700f3059198dd27dcf3b53b265bad6f0fc17a276e98cf8ee1f2a96aa3ccd7ba9Windows 2000 / IIS 5.0 + SP1 Internet Printing Protocol vulnerability test. Causes a memory leak and reports whether or not the remote site is vulnerable, but does not contain shellcode.
7acc303c4980d09fc650229e55553b5c0ada450b62f78168bace6cbcf5152918Packet Storm new exploits for April, 2001.
1ee99a479d4700f9ed4ba3fc1f4a5c8f7734614567248a0d84cc0031c6ff919fCert Advisory CA-2001-09 - Many systems are vulnerable to Initial Sequence Number (ISN) attacks, allowing attackers to manipulate and spoof tcp connections. Many systems use the Central Limit Theorem to protect the ISN, however these machines are still vulnerable to statistical attack. If the ISNs of future connections of a system are guessed exactly, an attacker will be able to complete a TCP three-way handshake, establish a phantom connection, and spoof TCP packets delivered to a victim. Affected systems include Cisco, FreeBSD prior to 4.3-RELEASE, OpenBSD prior to 2.8-current, Fujitsu, HP/UX, and SGI.
a5cf495414857e9c5fa8708b2e706b102950f10f44a8a44da848af3b556213e6Microsoft Security Advisory MS01-023 - A serious vulnerability has been discovered in Windows 2000's IIS 5.0 in the handling of the Internet Printing Protocol (IPP). An buffer overflow in the ISAPI extension which handles input parameters allows any website user to execute arbitrary code with the local system security context, giving an attacker complete control over the server. The server must have tcp port 80 or 443 open. Microsoft FAQ on this issue available here.
459e672e876ff12c3cc8e618df416141205863c58da36096bdcb03712f214acdRed Hat Security Advisory RHSA-2001:059-03 - kdesu created a world-readable temporary file to exchange authentication information and delete it shortly after. This can be abused by a local user to gain access to the X server and can result in a compromise of the account kdesu accesses.
ba07e8c2e770d6a3392d1ba7d78a980ab3b7a12aaf0d6beae53b1a763be874b0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed